Web Scarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is a proxy tool which intercepts Http request and response. It lets us review and modify requests created by the browser before they are sent to the server, and review and modify responses returned from the server before they are received by the browser. It allows editing and replay of previous requests, or creation of entirely new requests. The goal of this project is to have a great tool for manual penetration testing.

Contents

Materials

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. WebScarab Getting Started is a great place to start. You can download builds of WebScarab from here.